Proper Certificate Installation in Windows Vista

By now many of us have started to take for granted one of the great new features in Outlook 2003: RPC over HTTP.

RPC over HTTP allows mobile users to connect their Outlook clients to their Exchange Servers without the often obtrusive reliance on the VPN connection, and without resorting to Outlook Web Access. A new feature in Outlook 2003, it allows laptop users to take their Exchange with them without worrying about ports and such, and has made mobile computing - what I have come to refer to as the café office lifestyle - more convenient.

Over the past two years I have helped to convert many SBSers from having to rely on POP e-mail accounts - a method of communications secure in the same way that yelling across a crowded Metro car filled with spies is secure - to fully implementing their SBS Exchange Servers as their primary mail server, using such tricks as dynamic DNS hosts, Mail Hops, and SBS-generated certificates to perform tasks that were once the tools of medium-sized offices alone.  Credit Rick Claus for converting me, and Daniel Nerenberg for helping me through the first time.

Of course, to ensure security you have to install the server's certificate on the client in order to authenticate securely. Previously this was simple: surf to your server's site (e.g. https://domainname.com or https://servername.dyndns.org), view the certificate, install the certificate, and you were done; RPC over HTTP would now work.

When I started beta-testing Windows Vista (with Internet Explorer 7) in October of last year I quickly realized this procedure did not work the same way, and spent long and grueling hours trying to find a solution.  Please note that this solution has gotten easier over time and though I have had RPC over HTTP working on Vista for many months, the following solution is only confirmed to work in the RC1 builds - 5600 and 5728.

  1. Follow the instructions to set up your Exchange account using RPC over HTTP.
  2. Close all instances of Internet Explorer.
  3. Right-click Internet Explorer and select Run As Administrator. (This will not work with the IE icon in the Start Menu, which has special properties.)
  4. Surf to the proper site (https://domainname.com or https://servername.dyndns.org).
  5. On the certificate warning page click Continue to this website (not recommended).
  6. In the address bar there will be a Certificate Error message.  Click on it, and click 'view certificates'.
  7. In the certificate dialogue box the familiar 'Install Certificate' button is back (it does not appear if you do not run with elevated privileges).  Click on it, and follow instructions in the Certificate Import Wizard.
  8. In the Certificate Store window select the radio button 'Place all certificates in the following store:'
  9. Next to the text box click Browse, and in the next window select 'Trusted Root Certification Authorities' and click Next.
  10. Follow the rest of the wizard, confirming that you want to install the certificate, and finish out of the wizard.
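
Because the certificate in steps 5 to 9 is accepted from a page that showed a certificate warning, a useful check after step 10 is to confirm that the root now trusted is the one your own server issued. The PowerShell below is an added example, not part of the original post; the thumbprint and server name are placeholders, and it assumes you have read the real SHA-1 thumbprint from the certificate on the server itself rather than over the network.

```powershell
# Added example. Placeholders (constructed, not real values):
$ExpectedThumbprint = '00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33'
$ServerName         = 'servername.dyndns.org'   # host name used in step 4

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    # The certificate dialog shows the thumbprint with spaces, and copying it
    # can bring along invisible characters, so keep the hex digits only.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-RootStoreMatch {
    param(
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
        [Parameter(Mandatory = $true)][string]$ServerName
    )
    $want = ConvertTo-NormalizedThumbprint $ExpectedThumbprint
    if ($want.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($want.Length) hex digits."
    }
    # The wizard may have written to the per-user or the machine-wide store.
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.Thumbprint -eq $want -or $_.Subject -like "*$ServerName*" } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Store      = $store
                    Subject    = $_.Subject
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                    Verified   = ($_.Thumbprint -eq $want)   # matches the server's own value
                }
            }
    }
}

$found = @(Get-RootStoreMatch -ExpectedThumbprint $ExpectedThumbprint -ServerName $ServerName)
$found | Format-List Store, Subject, NotAfter, Thumbprint, Verified
if (-not ($found | Where-Object { $_.Verified })) {
    Write-Warning 'No trusted root matches the expected thumbprint.'
}
# Roots that name the server but carry a different thumbprint were not issued by it.
$found | Where-Object { -not $_.Verified } | ForEach-Object {
    Write-Warning "Unverified root naming ${ServerName}: $($_.Thumbprint) in $($_.Store)"
}
```

A root that names the server but is reported as unverified should be removed from the store and the installation repeated from a network you trust.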

That's it... of course there are a few extra steps involved over Windows XP with IE6, but that is the price we pay for improved security.

Now go forth and compute securely, knowing that your mail is once again secure but functional!

Published Monday, September 25, 2006 4:00 PM by Mitch
